INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. 2018/04/13 00:03:13 fuzzer started 2018/04/13 00:03:14 dialing manager at 10.128.0.26:44405 2018/04/13 00:03:20 kcov=true, comps=false 2018/04/13 00:03:23 executing program 0: 2018/04/13 00:03:23 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000002640)="5b5331d25a71c6a64f00d90720f785f88f9e63f90f76c48feee314083a181eefab2af8a65643ebc8c2b907fdebdd7b6aabd04ebe5b3133ae10d25c8992f969f3462f985649a0d1aeb7d535535fe9ce30e21dc14811cdff61456d7141cc19a8c86d8c80ccc6639cbb396c5307933f3d1c5a346d2d3a47311974a4970abaccab9b06afbdf003eb24b16c82af83155e9b5533db3eeb4e9c0722105fdc7585c77f5238ae3d12f08c8ab6dcf0edb2490a54ac46932250eb853d86d10cff49f40797062fee0affd74773c634", 0xc9}], 0x1, &(0x7f0000003640)}}], 0x1, 0x0) shutdown(r0, 0x1) clock_gettime(0x0, &(0x7f0000004d00)={0x0, 0x0}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in={{0x2, 0x0, @loopback=0x7f000001}}, 0x0, 0x40, 0x0, "bb7d979a5ee032056dff2fc639ba6368d0d71d898a4e124cf21cd30cb70965e6517b9cd90bda9821886e8cd3637def26f925ad25edc2a48d5320748f0957c324fe23baa6085747576770b4aaa4b7bab6"}, 0xd8) recvmmsg(r0, &(0x7f0000004b00)=[{{&(0x7f0000002500)=@sco, 0x80, &(0x7f0000004340)=[{&(0x7f00000041c0)=""/215, 0xd7}], 0x1, &(0x7f0000000180)=""/186, 0xba}}, {{&(0x7f0000004600)=@nfc_llcp, 0x80, &(0x7f0000004a40), 0x0, &(0x7f0000004ac0)}}], 0x2, 0x0, &(0x7f0000000140)={0x0, r1+30000000}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000840)={{{@in, @in=@multicast1}}, {{}, 0x0, @in=@loopback}}, &(0x7f0000000940)=0xe8) 2018/04/13 00:03:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9c0000001a0015042abd7000ffdbdf251c140000fc02ff0a00000000080001000000000010000100000000d00000003000fff7ff08001a008a0000001c0001000000007000000000000000000000008000000000ff000040180001000000000000000000000100a000000030000000000e0000000047dc003000000000000000d0000000000000000000f0ffff0000000008000400"], 0x1}, 0x1, 0x0, 0x0, 0x800}, 0x0) 2018/04/13 00:03:23 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00002bd93e)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0) readv(r1, &(0x7f0000c33000)=[{&(0x7f0000007000)=""/171, 0x39c9}], 0x1) 2018/04/13 00:03:23 executing program 3: 2018/04/13 00:03:23 executing program 4: 2018/04/13 00:03:23 executing program 5: 2018/04/13 00:03:23 executing program 6: syzkaller login: [ 41.353477] ip (3639) used greatest stack depth: 54688 bytes left [ 41.769090] ip (3678) used greatest stack depth: 54312 bytes left [ 42.799810] ip (3778) used greatest stack depth: 53960 bytes left [ 44.892097] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.947259] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.975008] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.160277] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.193336] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.238558] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.252513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.284738] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.694736] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.806865] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.864660] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.087906] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.149895] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.194680] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.254477] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.268181] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.444760] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.451082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.460907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.553807] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.560136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.571816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.692937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.699200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.715998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.928924] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.935221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.948164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.976750] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.986238] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.994383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.007571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.031227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.060936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.081930] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.088465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.096111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.105338] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.159671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.197213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.847404] ================================================================== [ 56.854975] BUG: KMSAN: uninit-value in tcp_parse_options+0xd74/0x1a30 [ 56.861641] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.16.0+ #83 [ 56.867859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.877190] Call Trace: [ 56.879752] [ 56.881887] dump_stack+0x185/0x1d0 [ 56.885495] ? tcp_parse_options+0xd74/0x1a30 [ 56.889971] kmsan_report+0x142/0x240 [ 56.893755] __msan_warning_32+0x6c/0xb0 [ 56.897817] tcp_parse_options+0xd74/0x1a30 [ 56.902129] tcp_validate_incoming+0x4f1/0x2790 [ 56.906784] tcp_rcv_state_process+0xb19/0x6490 [ 56.911437] ? __bpf_prog_run32+0x127/0x170 [ 56.915743] ? security_sock_rcv_skb+0x4c/0x1f0 [ 56.920420] tcp_v4_do_rcv+0xb26/0xd90 [ 56.924290] tcp_v4_rcv+0x5b25/0x6750 [ 56.928087] ? tcp_filter+0x270/0x270 [ 56.931866] ip_local_deliver_finish+0x6ed/0xd40 [ 56.936612] ip_local_deliver+0x43c/0x4e0 [ 56.940740] ? ip_local_deliver+0x4e0/0x4e0 [ 56.945042] ? ip_call_ra_chain+0x7b0/0x7b0 [ 56.949344] ip_rcv_finish+0x1253/0x16d0 [ 56.953389] ip_rcv+0x119d/0x16f0 [ 56.956822] ? ip_rcv+0x16f0/0x16f0 [ 56.960436] __netif_receive_skb_core+0x47cf/0x4a80 [ 56.965434] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 56.971215] ? ip_local_deliver_finish+0xd40/0xd40 [ 56.976125] process_backlog+0x62d/0xe20 [ 56.980181] ? rps_trigger_softirq+0x2f0/0x2f0 [ 56.984742] net_rx_action+0x7c1/0x1a70 [ 56.988699] ? net_tx_action+0xab0/0xab0 [ 56.992744] __do_softirq+0x56d/0x93d [ 56.996531] irq_exit+0x202/0x240 [ 56.999966] exiting_irq+0xe/0x10 [ 57.003398] smp_apic_timer_interrupt+0x64/0x90 [ 57.008047] apic_timer_interrupt+0xf/0x20 [ 57.012261] [ 57.014480] RIP: 0010:default_idle+0x1fb/0x3c0 [ 57.019036] RSP: 0018:ffff8801df67fdf0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff12 [ 57.026722] RAX: ffff880203eb5440 RBX: 0000000000000000 RCX: ffff880000000000 [ 57.033970] RDX: ffff880203ab5440 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000 [ 57.041220] RBP: ffff8801df67fe28 R08: 0000000001080020 R09: 0000000000000002 [ 57.048467] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 57.055717] R13: ffff8801df5f3b00 R14: ffff8801df67fe8c R15: ffff8801df5f4418 [ 57.062974] ? __sched_text_end+0x1/0x1 [ 57.066928] arch_cpu_idle+0x20/0x30 [ 57.070622] do_idle+0x349/0x790 [ 57.073969] cpu_startup_entry+0x45/0x50 [ 57.078012] ? setup_APIC_timer+0x220/0x220 [ 57.082316] start_secondary+0x39d/0x470 [ 57.086360] secondary_startup_64+0xa5/0xb0 [ 57.090661] [ 57.092263] Uninit was created at: [ 57.095786] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 57.100872] kmsan_kmalloc+0x94/0x100 [ 57.104654] kmsan_slab_alloc+0x11/0x20 [ 57.108696] __kmalloc_node_track_caller+0xaed/0x11c0 [ 57.113866] __alloc_skb+0x2cf/0x9f0 [ 57.117557] tcp_send_ack+0x18c/0x910 [ 57.121336] tcp_fin+0x298/0x8f0 [ 57.124679] tcp_data_queue+0x2cb9/0xa200 [ 57.128809] tcp_rcv_state_process+0x5c61/0x6490 [ 57.133543] tcp_v4_do_rcv+0xb26/0xd90 [ 57.137408] tcp_v4_rcv+0x5b25/0x6750 [ 57.141185] ip_local_deliver_finish+0x6ed/0xd40 [ 57.145919] ip_local_deliver+0x43c/0x4e0 [ 57.150046] ip_rcv_finish+0x1253/0x16d0 [ 57.154082] ip_rcv+0x119d/0x16f0 [ 57.157528] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.162538] process_backlog+0x62d/0xe20 [ 57.166585] net_rx_action+0x7c1/0x1a70 [ 57.170542] __do_softirq+0x56d/0x93d [ 57.174317] ================================================================== [ 57.181651] Disabling lock debugging due to kernel taint [ 57.187075] Kernel panic - not syncing: panic_on_warn set ... [ 57.187075] [ 57.194421] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.16.0+ #83 [ 57.201926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.211255] Call Trace: [ 57.213818] [ 57.215949] dump_stack+0x185/0x1d0 [ 57.219556] panic+0x39d/0x940 [ 57.222743] ? tcp_parse_options+0xd74/0x1a30 [ 57.227217] kmsan_report+0x238/0x240 [ 57.230998] __msan_warning_32+0x6c/0xb0 [ 57.235066] tcp_parse_options+0xd74/0x1a30 [ 57.239381] tcp_validate_incoming+0x4f1/0x2790 [ 57.244043] tcp_rcv_state_process+0xb19/0x6490 [ 57.248698] ? __bpf_prog_run32+0x127/0x170 [ 57.253001] ? security_sock_rcv_skb+0x4c/0x1f0 [ 57.257661] tcp_v4_do_rcv+0xb26/0xd90 [ 57.261541] tcp_v4_rcv+0x5b25/0x6750 [ 57.265335] ? tcp_filter+0x270/0x270 [ 57.269115] ip_local_deliver_finish+0x6ed/0xd40 [ 57.273852] ip_local_deliver+0x43c/0x4e0 [ 57.277977] ? ip_local_deliver+0x4e0/0x4e0 [ 57.282281] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.286583] ip_rcv_finish+0x1253/0x16d0 [ 57.290629] ip_rcv+0x119d/0x16f0 [ 57.294063] ? ip_rcv+0x16f0/0x16f0 [ 57.297676] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.302674] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.308453] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.313361] process_backlog+0x62d/0xe20 [ 57.317405] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.321962] net_rx_action+0x7c1/0x1a70 [ 57.325919] ? net_tx_action+0xab0/0xab0 [ 57.329969] __do_softirq+0x56d/0x93d [ 57.333754] irq_exit+0x202/0x240 [ 57.337187] exiting_irq+0xe/0x10 [ 57.340623] smp_apic_timer_interrupt+0x64/0x90 [ 57.345272] apic_timer_interrupt+0xf/0x20 [ 57.349567] [ 57.351783] RIP: 0010:default_idle+0x1fb/0x3c0 [ 57.356342] RSP: 0018:ffff8801df67fdf0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff12 [ 57.364032] RAX: ffff880203eb5440 RBX: 0000000000000000 RCX: ffff880000000000 [ 57.371280] RDX: ffff880203ab5440 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000 [ 57.378531] RBP: ffff8801df67fe28 R08: 0000000001080020 R09: 0000000000000002 [ 57.385777] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 57.393125] R13: ffff8801df5f3b00 R14: ffff8801df67fe8c R15: ffff8801df5f4418 [ 57.400386] ? __sched_text_end+0x1/0x1 [ 57.404339] arch_cpu_idle+0x20/0x30 [ 57.408039] do_idle+0x349/0x790 [ 57.411387] cpu_startup_entry+0x45/0x50 [ 57.415432] ? setup_APIC_timer+0x220/0x220 [ 57.419731] start_secondary+0x39d/0x470 [ 57.423773] secondary_startup_64+0xa5/0xb0 [ 57.428508] Dumping ftrace buffer: [ 57.432028] (ftrace buffer empty) [ 57.435711] Kernel Offset: disabled [ 57.439310] Rebooting in 86400 seconds..